Source Code Analysis Laboratory (SCALe) for Energy ... - CERT

More documents

Recommendations

Info

Table 9: Analysis Results, Energy Delivery System B False Suspicious True Unknown Total ARR30-C 18 18 ARR36-C 2 106 108 DCL35-C 47 47 DCL36-C 2 2 EXP30-C 2 2 EXP33-C 5 329 334 EXP34-C 13 3 605 621 EXP37-C 40 40 EXP40-C 20 20 FIO30-C 3 2 3 8 FLP35-C 9 9 INT31-C 603 2 6,971 7,576 INT32-C 9 9 MEM30-C 3 3 MEM31-C 21 21 MEM33-C 4 4 MEM34-C 1 1 MSC34-C 326 36 362 PRE30-C 4 4 PRE31-C 11 11 STR30-C 11 11 STR31-C 1 50 51 STR32-C 11 11 STR33-C 1 1 Based on our experience with analyzing energy delivery system A, we added a new category of “suspicious.” This category includes flagged nonconformities that could not easily be proven to be either true or false positives. This was frequently the case for dereferencing null pointers, for example, where the pointer dereferences were unguarded but it was difficult to prove that the pointer was never null without performing whole-program analysis. Suspicious violations are treated as false positives in that they will not result in a system failing conformance testing and will not stop the analyst from analyzing other flagged nonconformities reported against the same coding rule. These are reported as suspicious so that the developer can examine these flagged nonconformities and take appropriate measures. Overall, energy delivery system B had considerably more flagged nonconformities than energy delivery system A, a significant number of which have already been determined to be true positives. CMU/SEI-2010-TR-021 | 36
4 Related Efforts This section describes related conformance assessment activities in today’s marketplace. 4.1 Veracode Veracode’s 17 Risk Adjusted Verification Methodology allows organizations developing or procuring software to measure, compare, and reduce risks related to application security. Veracode uses static binary analysis, dynamic analysis, and manual penetration testing to identify security flaws in software applications. The basis for the VERAFIED security mark is the Security Quality Score (SQS). SQS aggregates the severities of all security flaws found during the assessment and normalizes the results to a scale of 0 to 100. The score generated by each type of assessment is then mapped to the application’s business criticality (assurance level), and those applications that reach the highest rating earn the VERAFIED security mark. 4.2 ISCA Labs ICSA Labs, 18 an independent division of Verizon Business, has been providing independent, third-party product assurance for end users and enterprises for 20 years. ICSA Labs says they provide “vendor-neutral testing and certification for hundreds of security products and solutions for many of the world’s top security product developers and service providers” [Cybertrust 2010]. ICSA Labs provides services in three areas: • Consortium Operations, Security Product Testing, and Certification Programs • Custom Testing Services • Accredited Government Testing Services ICSA Labs is ISO 17025:2005 accredited and ISO 9001:2008 registered. 4.3 SAIC Accreditation and Certification Services SAIC (Science Applications International Corporation ) 19 provides security content automation protocol (SCAP) testing and monitoring of systems for security issues such as software deficiencies, configuration issues, and other vulnerabilities. The testing helps ensure that a computer’s configuration is within guidelines set by the Federal Desktop Core Configuration. Notably, they became an accreditation body under the NIST accreditation to perform SCAP. 4.4 The Open Group Product Certification Services The Open Group 20 has developed and operates an industry-based product certification program in several areas, including UNIX, CORBA, POSIX, and LDAP. They have developed and currently 17 http://www.veracode.com/ 18 http://www.icsalabs.com/ 19 http://www.saic.com/infosec/testing-accreditation/scap.html 20 http://www.opengroup.org/consortia_services/certification.htm CMU/SEI-2010-TR-021 | 37
Page 1 and 2: Source Code Analysis Laboratory (SC
Page 3 and 4: Table of Contents Acknowledgments v
Page 5 and 6: List of Figures Figure 1: SCALe Pro
Page 7 and 8: List of Tables Table 1: True Positi
Page 9 and 10: Acknowledgments We would like to ac
Page 11 and 12: Abstract The Source Code Analysis L
Page 13 and 14: 1 Introduction A key mission of the
Page 15 and 16: 1. Client contacts CERT. The prooce
Page 17 and 18: • The CERT C++ Secure Coding Stan
Page 19 and 20: • A floating-point value with all
Page 21 and 22: 2 Conformance Testing This section
Page 23 and 24: Figure 4: SCALe Conformance Tesstin
Page 25 and 26: • De-duplication of crashing test
Page 27 and 28: Handbook of Applied Acceptance Samp
Page 29 and 30: 2.6 Tracking Diagnostics Across Cod
Page 31 and 32: _Pragma(push: tool_a_maybe_foo, dis
Page 33 and 34: processes. A system of review will
Page 35 and 36: diagnostic codes mapped to a repres
Page 37 and 38: ID Rule Group AA AC 1 AC 2 AC 3 AC
Page 39 and 40: lack of confidence with C++. Howeve
Page 41 and 42: 3.1.1 Impartiality CERT resides wit
Page 43 and 44: 4. CERT will evaluate any deviation
Page 45 and 46: Table 6: Flagged Nonconformities, E
Page 47: Table 8: Flagged Nonconformities, E
Page 51 and 52: 5 Future Work and Summary 5.1 Futur
Page 53 and 54: Bibliography URLs are valid as of t
Page 55 and 56: [MISRA 2004] Motor Industry Softwar
Page 57: REPORT DOCUMENTATION PAGE Form Appr

Source Code Analysis Laboratory (SCALe) for Energy ... - CERT

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?